Expedition Updates with SSL Inspection

L1 Bithead

Expedition Updates with SSL Inspection

I ran into issues updating Expedition through my PAN Firewall running SSL decryption.

 

After a bit of troubleshooting there are two changes I needed to make on the expedition VM.

 

  1.  Update cert file with your SSL Decrypt cert - This allows apt to trust your SSL decryption certificate
    1. Export the Root CA that signed your SSL cert in base64/PEM format
    2. Append the raw text of that SSL Cert to /etc/ssl/certs/ca-certificates.crt
  2. Configure PIP to use that certificate Store - This tells pip to read your SSL certificate store
    1. create /etc/pip.conf and add the following configuration
      [global]
      cert = /etc/ssl/certs/ca-certificates.crt

I also needed to allow this system to download EXE's from the Internet, once PIP started trusting my decryption certificate, I discovered that PIP is downloading EXE's(normally for windows) as part of its script for some reason and this was causing it to throw errors.

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!